Comment 11 for bug 1269073

Robie Basak (racb) wrote :

Useful reading: http://man7.org/linux/man-pages/man4/random.4.html and http://en.wikipedia.org/wiki//dev/random

/dev/urandom does not block, at the cost of not being the best-quality entropy. /dev/random is recommended for long-term cryptographic use, but at the cost of blocking if the kernel doesn't have enough entropy available.

If the problem is that in general use Tomcat takes longer to start listening on its socket (but is otherwise unaffected), then I think that the immediate problem could be fixed in the test case. It could use the symlink trick to simulate a system that does always have enough entropy available.

Question: should the test case be checking that Tomcat works eventually when enough entropy is provided, or that Tomcat starts listening quickly on an entropy-starved system?

An obvious secondary problem for users is "so how do I get enough entropy to get my VM running Tomcat to start listening faster, then?". The answer to this is the same as always - from the usual sources, including the option of an external hardware entropy source passed through to the VM, or from some other external source and fed into the kernel from userspace.

A tertiary, perhaps blueprint-level item might be to make it easier for users to get entropy to their VMs, in order to make Ubuntu VM use better in general for all our users. This might involve us recommending a method and making it more automatic, for example via cloud-init.
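
A test case could first establish which of the two situations in the question above it is running in. The probe below is an added example, not part of the original comment or of the Tomcat test suite; the function names are hypothetical, and it assumes a Linux host that exposes the kernel's estimate at /proc/sys/kernel/random/entropy_avail.

```python
#!/usr/bin/env python3
"""Probe whether a blocking reader of a random device would stall right now."""
import os
import sys


def read_entropy_avail(path="/proc/sys/kernel/random/entropy_avail"):
    """Return the kernel's entropy estimate in bits, or None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def would_block(device="/dev/random", nbytes=16):
    """True if reading nbytes from device would stall a blocking reader.

    The device is opened O_NONBLOCK, so a starved pool raises EAGAIN here
    instead of hanging the probe. A short read counts as a stall as well.
    Note: the bytes read are consumed, so keep nbytes small.
    """
    fd = os.open(device, os.O_RDONLY | os.O_NONBLOCK)
    try:
        got = 0
        while got < nbytes:
            try:
                chunk = os.read(fd, nbytes - got)
            except BlockingIOError:
                return True   # no data available right now
            if not chunk:
                return True   # end of data before nbytes were delivered
            got += len(chunk)
        return False
    finally:
        os.close(fd)


if __name__ == "__main__":
    dev = sys.argv[1] if len(sys.argv) > 1 else "/dev/random"
    print("entropy_avail:", read_entropy_avail())
    print(dev, "would block:", would_block(dev))
```

Recording both values at the start of a test run shows whether a slow start was measured on a starved host or on one with entropy to spare.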